SILICA 7.22 Release Notes
Group Policy Exploit for Microsoft Windows (MS15-011)
- Tested on Windows 7 targets joined to Windows 2008 R2 domain
controllers (DC). The SILICA VM's host should be on the same network
as the DC; that is, packets should be able to reach the DC, and
the DNS server address should point to the DC. This exploit was tested
while on FakeAp with service impersonation mode. When successful, this
module will make changes to some registry values under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Window
on the target.
SMB Transparent Proxy
- When running a FakeAp with service impersonation, SILICA intercepts all
SMB packets. SMB traffic accessing ".exe" files will be modified to
include backdoors. This works as long as mandatory SMB signing is not
enabled on the target.
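A host-side check for the condition stated above (whether SMB signing is mandatory), as an added example that is not part of SILICA or of these release notes. It reads the standard Windows SMB signing registry values and assumes that an absent value means signing is not required, which matches the defaults of the Windows 7 / 2008 R2 era systems discussed here. The function name is hypothetical.

```powershell
# Added example: report whether SMB signing is mandatory on this host.
# Uses only PowerShell 2.0 features so it also runs on Windows 7.
function Get-SmbSigningPolicy {
    $roles = @{
        Client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
        Server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    }

    foreach ($role in ($roles.Keys | Sort-Object)) {
        $props = Get-ItemProperty -Path $roles[$role] -ErrorAction SilentlyContinue

        # Assumption: a missing value is treated as 0 (signing not required).
        $require = 0
        $enable  = 0
        if ($props -and $null -ne $props.RequireSecuritySignature) {
            $require = [int]$props.RequireSecuritySignature
        }
        if ($props -and $null -ne $props.EnableSecuritySignature) {
            $enable = [int]$props.EnableSecuritySignature
        }

        New-Object PSObject -Property @{
            Role                     = $role
            RequireSecuritySignature = $require
            EnableSecuritySignature  = $enable
            SigningMandatory         = ($require -eq 1)
        }
    }
}

$policy = Get-SmbSigningPolicy
$policy | Select-Object Role, RequireSecuritySignature, EnableSecuritySignature, SigningMandatory |
    Format-Table -AutoSize

# The client role is the one that matters when a workstation fetches files
# over SMB through an untrusted access point.
$client = $policy | Where-Object { $_.Role -eq 'Client' }
if (-not $client.SigningMandatory) {
    Write-Warning 'SMB client does not require signing: file content fetched over SMB can be altered in transit by an on-path host.'
}
```

The client-side value corresponds to the Group Policy setting "Microsoft network client: Digitally sign communications (always)".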
Use-after-free in Adobe Flash Player (CVE-2015-5119)
This release also includes some bug fixes, including:
- Issue with ARP scanning in the man-in-the-middle module.
- Issue with the FakeAp module when handling a large number of connections.
- Issue with the FakeAp with service impersonation module with slow DNS
resolution.
Demo: SMB proxy and group policy exploit